package com.ruoyi.common.xss;

import com.ruoyi.common.utils.StringUtils;
import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * XSS过滤处理
 *
 * @author ruoyi
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    /**
     * @param request
     */
    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    @Override
    public String[] getParameterValues(String name) {
        final  String EXCLUDE_XSS="base64";

        String[] values = super.getParameterValues(name);
        String beforeClean;
        if (values != null) {
            int length = values.length;
            String[] escapseValues = new String[length];
            for (int i = 0; i < length; i++) {
                beforeClean = values[i];
                // 防xss攻击和过滤前后空格
                // todo 这里为了富文本base64可以上传，将包含base64的放过
                if (!StringUtils.contains(beforeClean,EXCLUDE_XSS)){
                    escapseValues[i] = Jsoup.clean(beforeClean, Whitelist.relaxed()).trim();
                }else{
                    escapseValues[i] = beforeClean;
                }
            }
            return escapseValues;
        }
        return super.getParameterValues(name);
    }
}